CVE-2012-4739

Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL VPN before 2.2.2.203 (2012-07-05) allow remote attackers to inject arbitrary web script or HTML via the (1) policyLaunching, (2) resourcePrefix, or (3) actionPath parameter in showUserResourceCategories.do; (4) list or (5) path parameter to fileSystem.do; or (6) return-To parameter to launchAgent.do.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:barracudanetworks:barracuda_ssl_vpn:*:*:*:*:*:*:*:*
cpe:2.3:a:barracudanetworks:barracuda_ssl_vpn:1.2.6.004:*:*:*:*:*:*:*
cpe:2.3:a:barracudanetworks:barracuda_ssl_vpn:1.5.0.29:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-08-31 20:55

Updated : 2024-02-04 18:16


NVD link : CVE-2012-4739

Mitre link : CVE-2012-4739

CVE.ORG link : CVE-2012-4739


JSON object : View

Products Affected

barracudanetworks

  • barracuda_ssl_vpn
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')